FIELD OF THE INVENTION

This invention relates generally to a method and system where certain information pertaining to a data subject is stored on a server and is provided to a third party at the request of the data subject. More particularly, the present invention relates to a method and system where certain data subject information
the controller, or to a party authorized by the controller (an "authorized data recipient"), thereby allowing the data subject to deliver information related to the data subject over a network in an easy and safe manner.
BACKGROUND OF THE INVENTION

The essence of electronic commerce is the exchange of information. The most common form of electronic commerce entails the purchase of products over the Internet using a credit card. Information necessary to consummate a credit card transaction includes the data subject's name, address, credit card information, and the amount to be charged. While the term "electronic commerce" is generally associated with the purchase of goods and services over the Internet, the term encompasses other transactions as well. For example, applications for insurance, college admissions, and loans are transactions that are not purchase transactions. Hence the term "transaction" is generally used herein to describe all manner of interactions over a network of the type noted above. The common element to all transactions is the transfer of data from one party to another.

A person who wants to send personal data (the "data subject") can either type in the required information each time a transaction is consummated or store the data for retrieval. Typing in data is not only inefficient and prone to errors, but discourages Internet commerce. Using a local software solution is generally considered undesirable, as most such software programs are proprietary to a particular payment system, require the data subject to become skilled in the operation of the program, and are perceived as slow or unwieldy.

Repositories of data subject information exist in the "brick and mortar" world as well as the virtual world of the Internet. Associations like AARP and AAA have large membership databases. Some merchant sites on the web require data subjects to "register" with the merchant. These collections of data subject data have value outside their original purpose of facilitating purchasing. For example, a merchant may provide a registered data subject with certain member benefits. The holder of this data subject data may also exploit this information by selling it to third parties for marketing purposes.

While databases of data subject information are inherently valuable, it is not easy for a controller of one of these databases to provide a data subject access to his or her data in a way that facilitates Internet commerce. Even if a data controller could make data subject information available to a data subject, the data controller would have to deal with the costs associated with providing the means of capturing the data subject data needed for a particular transaction and associated with protecting the data. Finally, if a data controller managed to make its data usable for commerce, it might prove difficult to leverage that data by making it available to others authorized by the controller to receive it.

Therefore, a need exists for a system that allows a controller of data subject information (the "data controller") to collect and securely store information from data subjects and to make data subject information available to the data subject to send selected information to the controller or to an authorized data recipient which could for the purposes of the application be a merchant, a college in case of application information, and other situations where information must be repetitively provided to a plurality of recipients, over the Internet in a manner that offers security and allows access from any computer. A system to provide this for merchants is disclosed in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety. The present invention expands upon this system to data controllers and authorized data recipients.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to reduce the number of steps a data subject is required to perform in order to complete a transaction over any network.

A further object of the present invention is to reduce the number of steps a data subject is required to perform in order to complete a transaction over the Internet.

A further object of the present invention is to eliminate storage and retrieval software that is permanently stored on the data subject's computer used generally herein as a "network communication device" or NCD.

A further object of the present invention is to create a data repository for storing data subject information that can be operated by a data controller and accessed easily and transparently by a data subject.

A further object of the present invention is to allow authorized data recipients to access purchasing information relating to data subjects who are registered with data controllers without requiring a new registration.

A further object of the present invention is to allow authorized data recipients to register new data subjects whose data will reside with data controllers in a data repository.

A further object of the present invention is to allow a data subject to conduct transactions using data stored in the data repository from any computer connected to the network on which the data repository resides.

A further object of the present invention is to use the data repository to aid the data subject in distributing all manner of information, not just purchase/money information, to a variety of recipients when those recipients are to receive essentially the same information from one recipient to the next.

A further object of the present invention is to provide a mechanism for direct marketing or distribution of relevant information to data subjects immediately before, during, or after completion of a transaction using the data repository.

The present invention is a system for presenting a data subject's information to an authorized data recipient's computer to allow transactions to be consummated. The transaction may be the simple transmission of selected data subject information or for a purchase and sale of goods or services. The nature of the transaction will determine what data subject data is stored and presented. The system comprises a network communication device (NCD) associated with a data subject (the "data subject's NCD"), a computer associated with an authorized data recipient (the "authorized data recipient's computer"), and a server (the "data repository") on which the necessary and desirable information about the data subject is stored. The data subject's NCD, the authorized data recipient's computer, and the data repository are connected to a network, such as, but without limitation, the Internet, and communicate using communication protocols. The data subject's NCD can interpret and process files from the data recipient's computer and the data repository using software resident on the data subject's NCD (the "NCD software"). The authorized data recipient's computer operates a web server, provides transaction processing, and performs other functions. The authorized data recipient's computer may be a single device, or may, at the authorized data recipient's discretion, comprise a number of devices that may or may not be co-located. The authorized data recipient's computer also operates software ("client software") that communicates with the data repository. The data repository, which is controlled by a data controller, operates data repository software, which provides access to information stored in various databases, logs, and/or data structures of the data repository. Data controllers specify a list of authorized data recipients to the data repository with whom the data controllers' registered data subject information can be shared. Note that if the data controller is also a user of data subject information, the data controller will be acting as an authorized data recipient.

The present invention allows data subjects to send transaction information over a network and allows authorized data recipients to receive data subject information relating to that transaction. In the preferred embodiment, the transaction involves the purchase of goods and services. The network connecting the data subject's NCD, the authorized data recipient's computer, and the data repository is the Internet, and the transaction data is purchasing data. However, the invention is not limited to a purchase transaction. As noted earlier, other types of transactions where information is exchanged are within the scope of the present invention.

During the web surfing process, a data subject browses an authorized data recipient's Web site via the data subject's NCD. The NCD may be any communications device connected to the network. In this example, it is assumed that the NCD is a computer. The authorized data recipient's Web site invites the data subject to send a set of data subject information to the authorized data recipient thereby consummating a transaction (an "offer").

The authorized data recipient's Web site also operates client software. When the data subject accepts the authorized data recipient's offer to consummate a transaction, the client software sends both a file readable by the NCD software and the authorized data recipient's offer to the NCD software that is resident on the data subject's NCD. The NCD software readable file includes information to identify the authorized data recipient, an address for the authorized data recipient's Web page and instructions that instruct the NCD software to communicate with the data repository software. The authorized data recipient's offer passes through the data subject's NCD to the data repository software resident on the data repository.

The data repository software verifies that the authorized data recipient is known to the data repository and identifies the data controllers that have authorized the authorized data recipient to receive data subject information. The data repository then returns a message to the NCD software and instructs the NCD software to display a dialog box within an area reserved for the dialog box within the authorized data recipient's Web page. The content of this dialog box depends on whether or not the data subject is known to the data repository software.

If the data subject is known to the data repository software, because of prior registration of the data subject, the data repository software determines if the data subject was registered by or in association with a data controller and if that data controller has authorized the authorized data recipient that sent the offer to receive the data subject's information. If the authorized data recipient is so authorized, the data repository software takes information contained in the authorized data recipient's offer, formats the information to allow the NCD software to display the authorized data recipient's offer, and sends the authorized data recipient's offer to the data subject's NCD where the authorized data recipient's offer is displayed by the NCD software in a dialog box within the area reserved for the dialog box within the authorized data recipient's Web page. The data subject is prompted to decide whether or not to complete the transaction. Typically, this communication occurs by the data subject clicking on an object resulting in a message being communicated to the data repository.

If the data subject elects to complete the transaction, the data repository software forwards the data subject's information to the authorized data recipient's computer. The information includes information from the authorized data recipient's offer and the data subject's information (e.g., credit card number, address, shipping address, social security number, etc.) that is stored on the data repository. The authorized data recipient's computer then uses the information to complete the transaction.

If the data subject is unknown to the data repository software, or if the data subject is known to the data repository software but the authorized data recipient sending the offer is not authorized by the data controller associated with the data subject to receive such data subject information, the data repository software sends a form to the data subject's NCD which is displayed in a dialog box within the area reserved for the dialog box within the authorized data recipient's Web page. The form prompts the data subject to provide the information necessary to complete the transaction. Once the data subject provides sufficient information to complete the transaction, the data repository software prompts the data subject to complete the transaction.

If the data repository software does not know the data subject, the data subject may be asked to register with the data repository under several scenarios. For example, the data subject may have reached the authorized data recipient's page through a link associated with the data controller. If the authorized data recipient is authorized by the data controller to receive data subject information, at the completion of the transaction with the authorized data recipient the data subject may be prompted to elect to have the information retained on the data repository for future use (the process herein referred to as "registration"). If the data subject answers "no", then the information is stored in a temporary data structure. Information stored in the temporary data structure is retained for a set amount of time and is not available for reuse by the data subject. If the data subject answers "yes", then the information pertaining to the data subject is stored in a data structure intended for the retention and future use by the data subject, and the data subject becomes a registered data subject of the data controller. The registration process is disclosed in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety.

If the data subject elects to register with the data repository software, during the registration process, the NCD software is sent an NCD software identifier. In the preferred embodiment, the NCD software is a browser and the browser identifier is a cookie. The NCD software identifier contains data that are cryptographically protected to enhance security. The NCD software identifier allows the data repository software to identify the NCD software and permits a data subject to authenticate himself or herself, thereby permitting the data repository software to use the data subject's stored information in future transactions.

The system also allows data subjects who are registered on a different NCD to authorize the data repository software to use the data subject's stored information. This situation occurs when the data repository software cannot identify the NCD software identifier because there is no NCD software identifier in the NCD software or the NCD software identifier cannot be used to identify the particular data subject using the NCD software.

Since the system of the present invention establishes communication links between the authorized data recipient's computer and the data repository, the system can be optimized in several respects. For example, the price of goods or services may be affected by the relationship between the data controller and authorized data recipients, the location to which the item is to be shipped, the method of shipping, and by tax obligations. The data repository software communicates information pertaining to the data subject to the authorized data recipient's computer permitting the authorized data recipient's computer to determine a "final" price based on the data subject's information, i.e., shipping address and/or preferences.

Another example of optimization is the ability of the data repository software to present a data controller or authorized data recipient's brand, both brands, or other "brand" to the NCD software. If the data subject is making a purchase (first or repeat) at an authorized data recipient Web site, a top graphic and colors used by the data repository prompt can be specified by the authorized data recipient offer and a bottom graphic used by the data repository prompt can be specified in accordance with the data controller involved. The data repository software can also associate a data subject with an identification code that can be presented to the authorized data recipient's computer, thus allowing the authorized data recipient to "recognize" a data subject and provide customer-specific messages, displays, and offers. The data repository software can tailor its communication with the data subject's NCD in accordance with a profile created by the data repository software. The profile is based upon preferences chosen by the data subject or created by the data repository software based on the data subject's behavior, from preferences chosen by the data controller or authorized data recipient, by a branding party, or the like.

With respect to data subjects, the system is optimized to provide all of the transaction information to the data subject thereby allowing the data subject to verify the information and make a decision to complete a transaction without further information input from the data subject. The system can also establish a dialogue between the data subject's NCD and the data repository to permit the data subject to select from options such as which credit card to use, the shipping address, and the shipping means.

The relationship between the data controller and authorized data recipient further allows the customer to shop at a wider variety of authorized data recipients without having to repeatedly register with each one.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates the overall architecture of the present invention.

Figure 2A illustrates the process of consummating a transaction over a network.

Figure 2B illustrates the process of consummating a transaction over a network (continued).

Figure 2C illustrates the process of consummating a transaction over a network (continued).

Figure 2D illustrates the process of consummating a transaction over a network (continued).

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT

For the purpose of this application, the term software is deemed to include instructions.

Referring to Figure 1, the overall architecture of the present invention is illustrated. The present invention allows data subject 100 to conduct a transaction over network 160 and allows authorized data recipient 120 of a data controller (not shown) to receive information relating to the transaction.

To complete a transaction, data subject 100 uses data subject network communication device ("consumer's NCD") 102. Data subject's NCD 102 can be a computer or a wireless device and operates software that is either a Web browser or emulates a Web browser (the "NCD software") 104. In either case, the NCD software has the requisite capability of displaying the information supplied by data recipient computer 122. The NCD software 104 allows data subject 100 to download and display Web pages or other information from the authorized data recipient's computer 122.

To receive information relating to the transaction, authorized data recipient 120 uses authorized data recipient's computer 122. Data recipient's computer 122 operates Web server software 124 and client software 126. Web server software 124 displays an authorized data recipient's Web pages. Client software 126 allows authorized data recipient 120 to communicate with the data repository (the "data repository") 140. An authorized data recipient may be an authorized data recipient for multiple data controllers, but only needs to load a single copy of the client software 126.

In the preferred embodiment, data repository 140 is under the control of a data controller, although this is not meant as a limitation since the data repository need not be under control of a data controller but can operate independently. However, for this embodiment the data repository is under the control of a data controller and comprises: data repository software 142, which gathers and stores the transaction information of data subjects registered with a data controller (or on behalf of a data controller through an authorized data recipient) to complete a transaction over common network 160; temporary data structure 144, which stores data subject information for a limited amount of time and cannot be used in future transactions; data subject data structure 146, which stores data subject information associated with a data controller that can be used in future transactions; authorized data recipient data structure 148, which stores information pertaining to the data controller or authorized data recipient; data subject transaction log 150, which stores information pertaining to the transactions for registered data subjects; and authorized data recipient transaction log 152, which stores information pertaining to transactions for registered and non-registered data subjects.

Consumer NCD 102, data recipient's computer 122, and data repository 140 are connected to common network 160. The present invention can operate over various types of common networks both wired and wireless. The present invention can operate over the Internet, cable systems, satellite systems, wireless networks, intranets, LANs, and WANs; however, this list should not be construed as a limitation. In the preferred embodiment, the common network is the Internet.

It should also be noted that a network 160 may actually comprise more than one network. This would be the case where the data subject's NCD is a wireless device which must first communicate over a wireless network and then over the Internet.

Data repository software 142 gathers and stores the information needed to complete a transaction over common network 160. Data repository software 142 gathers the information directly from data subject 100, from data subject data structure 146 or from both.

Temporary data structure 144 stores information relating to a particular interaction between data subject 100 and authorized data recipient 120.

Authorized data recipient data structure 148 stores information relating to authorized data recipients associated with the data controller, including authorized data recipient 120, that have completed the registration process with the operator of data repository 140 (either directly or through the authorized data recipient on behalf of a data controller). The information in authorized data recipient data structure 148 represents information that is necessary to identify authorized data recipient 120 and authorized data recipient computer 122. This information also includes contact information, authorized data recipient identification number, data controller information, network location(s) for the authorized data recipient computer 122, the type of transaction accepted, accepted payment card types, accepted currencies, and payment methods (e.g., electronic check, micropayments). This list of information should not be construed as a limitation and is illustrative only.

Consumer transaction log 150 stores information relating to transactions performed by registered data subjects. Authorized data recipient transaction log 152 stores information relating to transactions performed by registered and non-registered data subjects, including data subject 100. The operator of data repository software 142 can allow data subjects and authorized data recipients access to the information contained in their respective data structures as deemed necessary. For instance, data subject 100 can be given a summary of the data subject's transactions over a period of time. Authorized data recipient 120 can be given a summary of the authorized data recipient's transactions over a period of time.

Referring to Figure 2A, the process of purchasing an item over a network is illustrated. The following process is the preferred embodiment of the present invention. In alternate embodiments, similar processes can occur in different orders. Additionally, a transaction involving the exchange of information may involve the storage and retrieval of data different from that described in the following example.

In the preferred embodiment, data subject 100 and authorized data recipient 120 are registered with and known to data repository 140. The process by which data subject 100 becomes registered and the handling procedures in the event one or both are not registered are described in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety.

The purchasing process starts with a data subject requesting an authorized data recipient's offer 200 from an authorized data recipient. In response to the data subject's request, the authorized data recipient's computer responds by sending both a file that is readable by the NCD software and the authorized data recipient's offer to the data subject's NCD 202. The NCD software processes the browser readable file and sends the authorized data recipient's offer and a message which is received by data repository 204. The authorized data recipient's offer includes the following information, however this information is not meant as a limitation since other data types may also be useful: authorized data recipient identifier, price of the item, a form of digital signature of the authorized data recipient, a final price indicator, and a transaction number. The authorized data recipient identifier identifies the authorized data recipient who is offering the item for sale. The identifier is used to confirm that the authorized data recipient is known to the data repository and to associate the authorized data recipient with one or more data controllers 205. The price of the item is the cost to purchase the item. A digital signature of the authorized data recipient is used to ensure the validity of the offer. The final price indicator is used to indicate whether the final cost for the item is affected by the data subject's shipping address and/or shipping preference. The transaction number is used for tracking purposes. The transaction number does not contain any product identifying information. The transaction number acts as an identifier for identifying a transaction.


The message sent from the NCD software to the data repository indicates whether the browser contains a browser identifier (an NCD software identifier). In the preferred embodiment, the browser identifier is a cookie and comprises a unique identifier that differentiates it from all other identifiers. A browser identifier identifies the data subject browser on a specific data subject computer. The data repository software receives and processes the message to determine if the NCD software contains an identifier that identifies a data subject that matches a data entry in a file in the data subject data structure of the data repository 206.


The data repository software also determines whether a single user or multiple users have used the NCD software by checking the data subject data structure and by permitting data subjects to access their data from remote computers. The processes by which these features are implemented are described in detail in copending application Serial No. 09/167,873, filed October 7, 1998, incorporated herein by reference in its entirety.




If the data repository software determines that the information provided by the data subject matches the information the data subject supplied during registration, then using the authorized data recipient identifier included in the offer sent to data subject computer (Figure 1, 102) by authorized data recipient computer (Figure 1, 122), the data repository software will determine if the authorized data recipient that delivered the offer to the data subject has been authorized by the data controller to receive data subject information stored on the data repository 207.

If the data repository software determines that the information provided by the data subject matches the information the data subject supplied during registration and the authorized data recipient is authorized by the data controller, then the data repository software accesses and gathers the data subject's information which is stored in the data subject data structure 214.
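
The repository-side decision described above (steps 205 to 214, with the form prompt of step 216 as the fallback), sketched as an added example that is not code from the application. Assumptions: HMAC-SHA256 with a per-recipient key stands in for the offer's "form of digital signature", ending the dialog on an unknown recipient or a bad signature is an assumed policy, and every class, field and sample value is hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    REJECT_OFFER = "reject"          # assumption: unknown recipient or bad signature ends the dialog
    PROMPT_FORM = "prompt_form"      # step 216: the data subject must type the information
    USE_STORED_DATA = "use_stored"   # step 214: stored information may be gathered


@dataclass(frozen=True)
class Offer:
    recipient_id: str
    price: str
    final_price_indicator: bool
    transaction_number: str          # tracking only, carries no product information
    signature: str = ""

    def signed_bytes(self) -> bytes:
        # Canonical JSON array so signer and verifier authenticate identical bytes.
        fields = [self.recipient_id, self.price,
                  self.final_price_indicator, self.transaction_number]
        return json.dumps(fields, separators=(",", ":")).encode()


def _tag(key: bytes, offer: Offer) -> str:
    return hmac.new(key, offer.signed_bytes(), hashlib.sha256).hexdigest()


def sign_offer(offer: Offer, key: bytes) -> Offer:
    """Client-software side: attach the recipient's authentication tag."""
    return replace(offer, signature=_tag(key, offer))


class DataRepository:
    def __init__(self):
        self.recipients = {}  # authorized data recipient data structure 148
        self.subjects = {}    # data subject data structure 146, keyed by browser identifier

    def register_recipient(self, recipient_id, key, controllers):
        self.recipients[recipient_id] = {"key": key, "controllers": set(controllers)}

    def register_subject(self, browser_id, controller, info):
        self.subjects[browser_id] = {"controller": controller, "info": dict(info)}

    def decide(self, offer, browser_id):
        recipient = self.recipients.get(offer.recipient_id)
        if recipient is None:                        # step 205: recipient must be known
            return Decision.REJECT_OFFER
        expected = _tag(recipient["key"], offer)
        if not hmac.compare_digest(expected.encode(), offer.signature.encode()):
            return Decision.REJECT_OFFER             # offer altered or not from this recipient
        subject = self.subjects.get(browser_id) if browser_id else None  # step 206
        if subject is None:
            return Decision.PROMPT_FORM
        if subject["controller"] not in recipient["controllers"]:        # step 207
            return Decision.PROMPT_FORM
        return Decision.USE_STORED_DATA

    def complete(self, offer, browser_id, confirmed):
        """Forward stored data only after the data subject elects to complete."""
        if not confirmed or self.decide(offer, browser_id) is not Decision.USE_STORED_DATA:
            return None
        return {"transaction_number": offer.transaction_number, "price": offer.price,
                "subject": dict(self.subjects[browser_id]["info"])}


def build_demo():
    """Constructed sample data; every name and value below is made up."""
    key = b"constructed-demo-key"
    repo = DataRepository()
    repo.register_recipient("recipient-1", key, controllers={"controller-A"})
    repo.register_subject("cookie-a", "controller-A", {"ship_to": "1 Example Street"})
    repo.register_subject("cookie-b", "controller-B", {"ship_to": "2 Example Street"})
    offer = sign_offer(Offer("recipient-1", "19.99", True, "T-0001"), key)
    return repo, offer


if __name__ == "__main__":
    repo, offer = build_demo()
    for cookie in ("cookie-a", "cookie-b", None):
        print(cookie, repo.decide(offer, cookie).value)
```

The authorization check is repeated inside `complete`, so a confirmation click on its own never releases stored data to a recipient the data subject's controller has not authorized.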

If the data repository software determines that more than one user is using the data subject's NCD 208, the data repository software asks for user identification 210. Based on the user information, the data repository determines if the user is known 212. If so, user data is retrieved from the data repository. If the user is not known, the data repository prompts the user to enter further information to become registered or to provide information to complete the transaction.

Referring to Figure 2B, the process flow continues. If the data repository software determines
that the information provided by the data subject is insufficient to identify the data subject or that the data
subject and data recipient are not associated with a common data controller, then the data repository
software prompts the data subject for the purchasing information to complete the transaction by
displaying forms to be completed 216. The response from the NCD software is received by the data
repository 218.

The data repository software extracts the data from the completed forms 220 and stores the data
in a temporary data structure 222. The information acquired from the forms is evaluated to determine if
the information from the data subject is sufficient to complete the purchase transaction 224. This step
includes the data repository software accessing the authorized data recipient data structure using the
authorized data recipient identifier to ensure that the data subject's purchasing information is in proper
order, i.e., to check that the data subject's credit card is accepted by the authorized data recipient. If the
information is not sufficient, the data subject is prompted for the information again 216. The operator of
the data repository can set the number of iterations that the data subject is prompted for the information.
If the data is sufficient, the data subject is asked to purchase the item 226. If the data subject declines
the transaction, the dialog ends 228. If the data subject decides to buy the item, the data collected in the
form is sent to the data recipient 230. However, the transaction data is not permanently stored at the
data repository.

Referring to Figure 2C, the process flow continues. Once the data repository software
determines that the data subject's information is sufficient to complete the purchase transaction, the data
repository software then determines if the price of the item needs to be adjusted for shipping costs 236. If
price adjustment is required, new price information is obtained from the authorized data recipient 230.
The revised offer is then presented to the data subject 240. If no price adjustment is required 236, the
final offer is presented to the data subject 240. The system next displays the offer and determines if the
data subject needs to enter a passphrase. If the data subject is a registered data subject of the data
controller who has not gone through the authentication process yet, then the offer is augmented with a
prompt for the user to enter the data subject's passphrase 244. The data repository software evaluates
the entered passphrase against data held in the data subject data structure 246 to determine if the data
subject is known (registered) by the data repository software. If the passphrase does not match, then the
data subject is prompted for the correct passphrase 244. The operator of the data repository can set the
number of iterations that the data subject is prompted for a correct passphrase to avoid multiple
fraudulent attempts to access information.
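The release decision described above (stored data is gathered only when the data recipient is authorized by the data subject's data controller, and passphrase prompts stop after an operator-set number of iterations) can be sketched as follows. This is an added example, not code from the specification: the class and function names, the salted PBKDF2 verifier, the "locked" outcome once the limit is reached, and all identifiers in demo() are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def derive(passphrase: str, salt: bytes) -> bytes:
    # Assumption: store a salted PBKDF2 verifier, never the passphrase itself.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

@dataclass
class Subject:
    controller: str      # data controller the subject registered with
    salt: bytes
    verifier: bytes
    profile: dict        # stored data subject information
    failures: int = 0    # consecutive bad passphrases

class Repository:
    def __init__(self, max_attempts: int = 3):   # operator-set iteration limit
        self.max_attempts = max_attempts
        self.subjects = {}       # subject id -> Subject
        self.authorized = {}     # controller -> recipient ids it has authorized

    def register(self, sid, controller, passphrase, profile):
        salt = os.urandom(16)
        self.subjects[sid] = Subject(controller, salt, derive(passphrase, salt), profile)

    def authorize(self, controller, recipient_id):
        self.authorized.setdefault(controller, set()).add(recipient_id)

    def release(self, sid, recipient_id, passphrase):
        """Return (decision, data); data is set only on 'release'."""
        s = self.subjects.get(sid)
        # Unknown subject, or recipient not authorized by the subject's controller:
        # fall back to manual forms and release nothing from storage.
        if s is None or recipient_id not in self.authorized.get(s.controller, set()):
            return ("prompt_forms", None)
        if s.failures >= self.max_attempts:
            return ("locked", None)          # assumed behaviour once the limit is hit
        if not hmac.compare_digest(derive(passphrase, s.salt), s.verifier):
            s.failures += 1
            return ("locked" if s.failures >= self.max_attempts else "retry", None)
        s.failures = 0
        return ("release", dict(s.profile))  # copy, so callers cannot mutate the store

def demo():
    repo = Repository(max_attempts=2)
    repo.register("subject-1", "controller-A", "open sesame", {"ship_to": "1 Example St"})
    repo.authorize("controller-A", "recipient-1")   # constructed identifiers
    return [repo.release("subject-1", r, p)[0] for r, p in
            [("recipient-2", "open sesame"), ("recipient-1", "bad"),
             ("recipient-1", "open sesame"), ("recipient-1", "bad"),
             ("recipient-1", "bad"), ("recipient-1", "open sesame")]]
```

Once the limit is reached, the sketch refuses even a correct passphrase; how the counter is reset after that is an operator decision the specification does not describe.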

Once the data subject enters a correct passphrase or if there was no browser identifier for the
data subject, the data subject is presented with a buy decision 248. The data subject has several options
available at this step: the data subject can elect to buy the item, change the data subject's information
and buy the item, or cancel the transaction. If the data subject elects to change the data subject's
information, the data subject must still decide to either buy the item or cancel the transaction after
changing the information. If the data subject declines to purchase the item, then the transaction is
canceled 250, the information held in the temporary data structure is deleted, the dialogue ends and
the transaction is terminated 250.

The data subject also has the option of changing the data subject's information. The data
subject may wish to change such information for such reasons as the data subject does not agree with
the selection by the data repository software or the information contains an error. For instance, if the data
subject wishes to change the shipping address, the data subject can enter a new shipping address. In
some instances, the data subject can have a plurality of possible entries into the same information block
with a preferred entry. In such a situation, the data repository software chooses the preferred information
to enter into the information block. The data repository software chooses the information via any
selection process known in the art, such as most popular, last used, first used, etc. However, the data
repository software cannot enter information into an information block if the authorized data recipient will
not allow such an entry. For instance, an authorized data recipient may only accept the ACME credit card
and the data subject has not previously used an ACME credit card to purchase an item using the present
invention. In such a situation the data repository software prompts the data subject to provide an
acceptable form of payment. Information options are available to the data subject in the form of a directory
of addresses, shippers, shipping methods, credit cards, and other information options.

Referring to Figure 2D, if the data subject elects to purchase the item, then the information 
regarding the transaction is delivered to the authorized data recipient's computer, information is written to 
the authorized data recipient transaction log, and a message confirming the transaction is sent to the data 
subject's NCD 252. The information regarding the transaction is written to the data subject transaction 
log 256. 

The transaction process ends 264. 

If a data subject is registered with more than one data controller and attempts to make a
purchase with an authorized data recipient common to both data controllers, the data subject registration
used to make the purchase is determined by the authorized data recipient and can be determined, for
example, according to the particular area of the authorized data recipient Web site accessed by the data
subject or according to the previous or linking site used by the data subject.

Although the above description is directed at purchasing an item over the Internet, the same 
concept of distribution of information can be applied to other areas. 

In all of these different types of embodiments, the communications between the different parties
can be encrypted in any manner known in the art. In addition, some of the communications can be
accomplished in different manners. For example, in an alternate embodiment of the preferred
embodiment, communications between the data repository and the authorized data recipient computer
can occur using a separate communication link. The communication link can be a direct link between the
authorized data recipient and the data repository. Using this separate link can ensure against
unauthorized transactions.

Although the present invention has been described in detail for the purpose of illustration, it is
understood that such detail is solely for that purpose, and variations can be made therein by those skilled
in the art without departing from the scope of the invention. The preceding descriptions of the operations
of the present invention are merely illustrative. In various embodiments of the disclosed inventions,
operational steps may be added, eliminated, performed in parallel or performed in a differing order. The
apparatus and process of the present invention are defined by the following claims.